CVE-2026-27014
📋 TL;DR
This vulnerability in NanaZip's ROMFS archive parser allows attackers to create malicious archives that cause infinite loops or stack overflows when processed. Users who open specially crafted ROMFS archives with vulnerable versions of NanaZip are affected. The issue can lead to denial of service or potentially arbitrary code execution.
💻 Affected Systems
- NanaZip
📦 What is this software?
NanaZip by M2Team
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise if stack overflow can be leveraged for arbitrary code execution.
Likely Case
Denial of service through application crash or hang when processing malicious archives.
If Mitigated
Application crash with no further impact if proper sandboxing and memory protections are in place.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious archive. The advisory suggests potential for arbitrary code execution but doesn't confirm weaponization.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.0.1630.0
Vendor Advisory: https://github.com/M2Team/NanaZip/security/advisories/GHSA-fc89-3f57-h9q5
Restart Required: No
Instructions:
1. Download NanaZip version 6.0.1630.0 or later from the official repository.
2. Install the updated version.
3. Verify the installation shows version 6.0.1630.0 or higher.
🔧 Temporary Workarounds
Disable ROMFS archive processing
Windows: Configure NanaZip to not process ROMFS archives, if possible through settings or registry modifications.
Use alternative archive software
Windows: Temporarily use other archive tools for ROMFS files until patched.
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of vulnerable NanaZip versions.
- Educate users to avoid opening ROMFS archives from untrusted sources and implement file type restrictions.
🔍 How to Verify
Check if Vulnerable:
Check NanaZip version in About dialog or via Windows Programs and Features. If version is between 5.0.1252.0 and 6.0.1629.0 inclusive, it's vulnerable.
Check Version:
Check via NanaZip GUI: Help → About NanaZip
Verify Fix Applied:
Confirm version is 6.0.1630.0 or higher in About dialog. Test with known safe ROMFS archives to ensure proper processing.
📡 Detection & Monitoring
Log Indicators:
- Application crashes with stack overflow errors
- High CPU usage from NanaZip process without completion
- Windows Application Event Log entries showing NanaZip failures
Network Indicators:
- Downloads of ROMFS archive files from untrusted sources
SIEM Query:
(EventID=1000 OR EventID=1001) AND Source='Application Error' AND ProcessName='NanaZip.exe'
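As an added example (not NanaZip project code), the version check from "How to Verify" and the crash-event search from "Detection & Monitoring" above, done from PowerShell on the affected host. It assumes NanaZip is installed as an MSIX package whose name contains "NanaZip" (wildcard lookup), and uses the vulnerable range 5.0.1252.0 to 6.0.1629.0 stated on this page.

```powershell
# Added example, not part of NanaZip: check the installed version against the
# vulnerable range from this advisory and list NanaZip.exe crash events.
# Assumption: NanaZip is installed as an MSIX package with "NanaZip" in its name.

$VulnerableMin = [version]'5.0.1252.0'
$VulnerableMax = [version]'6.0.1629.0'

function Test-NanaZipVulnerable {
    param([Parameter(Mandatory)][version]$Installed)
    # Inclusive range check, as stated in the advisory.
    return ($Installed -ge $VulnerableMin) -and ($Installed -le $VulnerableMax)
}

# 1. Installed version (assumption: package name contains "NanaZip").
$pkg = Get-AppxPackage -Name '*NanaZip*' -ErrorAction SilentlyContinue | Select-Object -First 1
if ($pkg) {
    $v = [version]$pkg.Version
    $state = if (Test-NanaZipVulnerable $v) { 'VULNERABLE' } else { 'patched or unaffected' }
    Write-Output ("NanaZip {0}: {1}" -f $v, $state)
} else {
    Write-Output 'NanaZip package not found via Get-AppxPackage.'
}

# 2. Crash events: Application Error 1000/1001 whose faulting process is NanaZip.exe.
#    Exception code 0xc00000fd is STATUS_STACK_OVERFLOW, the crash this advisory describes.
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000, 1001
} -ErrorAction SilentlyContinue | Where-Object { $_.Message -match 'NanaZip\.exe' }

foreach ($e in $events) {
    [pscustomobject]@{
        Time          = $e.TimeCreated
        EventId       = $e.Id
        StackOverflow = ($e.Message -match 'c00000fd')
    }
}

# 3. Hang indicator: a NanaZip process consuming CPU without completing.
Get-Process -Name NanaZip -ErrorAction SilentlyContinue |
    Select-Object Id, CPU, StartTime
```

Run it in an elevated PowerShell session so Get-WinEvent can read the Application log for all users.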